feat: B12 Chatbot-Cookie-Klassifikation (#19) + Cookie-Matrix scan + safetykon test

#19 Chatbot-Cookie-Klassifikation:
  - chat_providers.json KB mit 11 Providern (iAdvize, Intercom, Tidio,
    Drift, Userlike, Zendesk, LivePerson, HubSpot, Vertex AI, OpenAI,
    Anthropic Claude). Pro Provider: Cookie-Pattern-Regex,
    typical_retention_days, tn_functions vs cp_functions, ai_capable.
  - chatbot_cookie_classification_check.py mit 4 KORRIGIERTEN Checks:
      CHAT-COOKIE-CLASS-001 (MED) — TN deklariert + Vendor-Purpose
        erwähnt Targeting/Analytics/A-B-Tests
      CHAT-COOKIE-CLASS-002 (MED) — Provider hat tn+cp Funktionen,
        Tabelle nennt nur eine Seite → keine Einwilligungs-Differenzierung
      CHAT-COOKIE-PURPOSE-001 (LOW) — Zweck zu generisch (Art. 13
        DSGVO konkret)
      CHAT-COOKIE-RETENTION-001 (HIGH) — deklariert <90d, KB-typisch
        >365d → vermutlich unterdeklariert
    NEU vs vorigem Plan: kein "eigene Banner-Kategorie Chat/AI"-Check —
    gesetzlich nicht vorgeschrieben (Vermischung Zweck-Transparenz vs
    Kategorie-Name). Anwender-Frage berechtigt, Konzept geschärft.
  - _b12_wiring.py + Orchestrator-Wire + V2-Compose-Slot
  - Cookie-Inventar mit [Chat]/[Chat+AI]-Tag pro Cookie-Name (KB-Lookup)
  - Smoke (3 Vendors / 5 Cookies): 9 findings korrekt (3 HIGH RETENTION,
    3 MEDIUM CLASS-001, 4 LOW PURPOSE)

Cookie-Matrix Scan (Browser-Vergleich gegen safetykon.de):
  - consent-tester/services/cookie_behavior_per_browser.py: eigener
    fokussierter Scanner. Pro Browser-Profile: cookies before / after
    reject / after accept in separaten Kontexten. Sequenzielle Runs
    statt parallel (Race-Conditions).
  - routes_cookie_matrix.py POST /scan-cookie-matrix
  - Live-Test safetykon.de: chromium=1, firefox=0, webkit=1, mobile-
    safari=1 nach reject — Firefox setzt KEIN Cookie nach Reject!
    (consent-tester Rebuild brachte playwright install-deps für system-libs)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend-compliance/compliance/services/specialist_agents/_kb/chat_providers.json

@@ -0,0 +1,158 @@
+{
+  "_schema_version": "1.0",
+  "_last_updated": "2026-06-06",
+  "_notes": "Anonymisierte Cookie-Pattern + Funktions-Klassifizierung pro Chat-Provider. Quelle: Anbieter-Dokumentation + EDPB-Cookie-Sweep + § 25 TDDDG. Kein Roh-Mandantendatum.",
+  "providers": {
+    "iadvize": {
+      "company": "iAdvize SAS",
+      "country": "FR",
+      "type": "Chat & Conversational Platform",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^iadvize-\\d+-vuid$", "purpose": "Visitor-ID + Chat-Verlauf-Wiedererkennung", "default_class": "consent_required"},
+        {"regex": "^iadvize-\\d+-consent$", "purpose": "Consent-State für iAdvize", "default_class": "technically_necessary"},
+        {"regex": "^iadvize_test_cookie_top_domain$", "purpose": "Tech-Probe für Root-Domain-Detektion", "default_class": "technically_necessary"}
+      ],
+      "typical_retention_days": 390,
+      "tn_functions": ["chat-continuation", "session-context", "logged-in-chat", "consent-state"],
+      "cp_functions": ["visitor-targeting", "engagement-rules", "ab-tests", "chat-analytics"]
+    },
+    "intercom": {
+      "company": "Intercom Inc",
+      "country": "US",
+      "type": "Chat & Customer-Messaging-Platform",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^intercom-id-[\\w-]+$", "purpose": "Identifier-Cookie für Wiedererkennung", "default_class": "consent_required"},
+        {"regex": "^intercom-session-[\\w-]+$", "purpose": "Aktuelle Chat-Session", "default_class": "technically_necessary"},
+        {"regex": "^intercom-device-id-[\\w-]+$", "purpose": "Device-Fingerprint", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 270,
+      "tn_functions": ["session-context"],
+      "cp_functions": ["device-tracking", "user-recognition-across-sites", "marketing-attribution"]
+    },
+    "tidio": {
+      "company": "Tidio LLC",
+      "country": "US",
+      "type": "Chat-Widget + Chatbot",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^TidioStore_[\\w-]+$", "purpose": "Chat-Konfiguration + Verlauf", "default_class": "consent_required"},
+        {"regex": "^tidio[_-]?identify[_-].*$", "purpose": "Visitor-Identifikation", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["chat-continuation"],
+      "cp_functions": ["visitor-tracking", "lead-scoring", "marketing-automation"]
+    },
+    "drift": {
+      "company": "Drift.com Inc",
+      "country": "US",
+      "type": "Conversational-Marketing-Platform",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^driftt_aid$", "purpose": "Anonymous Visitor-ID", "default_class": "consent_required"},
+        {"regex": "^driftt_uid$", "purpose": "Logged-in User-ID", "default_class": "technically_necessary"},
+        {"regex": "^drift_eid$", "purpose": "Email-Address-Identifier", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["logged-in-chat", "session-context"],
+      "cp_functions": ["lead-generation", "conversational-marketing", "ab-testing"]
+    },
+    "userlike": {
+      "company": "Userlike UG",
+      "country": "DE",
+      "type": "Chat-Widget + Chatbot",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^userlike-cookie-banner[\\w-]*$", "purpose": "Consent-State für Userlike", "default_class": "technically_necessary"},
+        {"regex": "^userlike-[\\w-]+-id$", "purpose": "Visitor-Identifier", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["chat-continuation", "consent-state"],
+      "cp_functions": ["visitor-tracking"]
+    },
+    "zendesk_chat": {
+      "company": "Zendesk Inc",
+      "country": "US",
+      "type": "Chat & Customer-Support",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^__zlcmid$", "purpose": "Live-Chat-Identifier", "default_class": "technically_necessary"},
+        {"regex": "^_zendesk_[\\w-]+$", "purpose": "Session-/Tracking-Cookie", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["live-chat-session"],
+      "cp_functions": ["analytics", "marketing-tracking"]
+    },
+    "liveperson": {
+      "company": "LivePerson Inc",
+      "country": "US",
+      "type": "Conversational-AI-Platform",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^LP_[\\w-]+$", "purpose": "LivePerson-Visitor-ID", "default_class": "consent_required"},
+        {"regex": "^liveperson-[\\w-]+$", "purpose": "Session/Engagement", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["chat-session"],
+      "cp_functions": ["visitor-tracking", "engagement-engine", "ai-chat-analytics"]
+    },
+    "hubspot_chat": {
+      "company": "HubSpot Inc",
+      "country": "US",
+      "type": "Chat + CRM-Integration",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^hubspotutk$", "purpose": "HubSpot Visitor-Token", "default_class": "consent_required"},
+        {"regex": "^__hssc$", "purpose": "Session-Tracking", "default_class": "consent_required"},
+        {"regex": "^__hssrc$", "purpose": "Browser-Restart-Detection", "default_class": "consent_required"},
+        {"regex": "^__hstc$", "purpose": "Visitor-Tracking", "default_class": "consent_required"},
+        {"regex": "^messagesUtk$", "purpose": "Chat-Conversation-Token", "default_class": "technically_necessary"}
+      ],
+      "typical_retention_days": 390,
+      "tn_functions": ["chat-conversation"],
+      "cp_functions": ["crm-integration", "marketing-attribution", "lead-scoring"]
+    },
+    "vertex_ai_chatbot": {
+      "company": "Google Cloud (Vertex AI)",
+      "country": "US (EU-Hosting möglich)",
+      "type": "AI-Chatbot (LLM-basiert)",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^_GRECAPTCHA$", "purpose": "reCAPTCHA-Protection für Vertex-AI-Frontend", "default_class": "technically_necessary"},
+        {"regex": "^GOOGLE_AUTH.*$", "purpose": "Google-Auth-Token (wenn embedded)", "default_class": "technically_necessary"}
+      ],
+      "typical_retention_days": 180,
+      "tn_functions": ["bot-protection", "auth-token"],
+      "cp_functions": ["chat-analytics", "improvement-feedback"],
+      "ai_act_disclosure_required": true
+    },
+    "openai_chatbot": {
+      "company": "OpenAI LLC",
+      "country": "US",
+      "type": "AI-Chatbot (GPT-Modelle)",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^__cf_bm$", "purpose": "Cloudflare-Bot-Schutz", "default_class": "technically_necessary"},
+        {"regex": "^_cfuvid$", "purpose": "Cloudflare-Visitor-ID", "default_class": "consent_required"}
+      ],
+      "typical_retention_days": 365,
+      "tn_functions": ["bot-protection"],
+      "cp_functions": ["visitor-tracking", "ai-conversation-analytics"],
+      "ai_act_disclosure_required": true
+    },
+    "anthropic_claude": {
+      "company": "Anthropic PBC",
+      "country": "US",
+      "type": "AI-Chatbot (Claude-Modelle)",
+      "ai_capable": true,
+      "patterns": [
+        {"regex": "^cf_clearance$", "purpose": "Cloudflare-Anti-Bot", "default_class": "technically_necessary"}
+      ],
+      "typical_retention_days": 30,
+      "tn_functions": ["bot-protection"],
+      "cp_functions": ["chat-analytics"],
+      "ai_act_disclosure_required": true
+    }
+  }
+}